1 .\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.41)
4 .\" ========================================================================
5 .de Sp \" Vertical space (when we can't use .PP)
9 .de Vb \" Begin verbatim text
14 .de Ve \" End verbatim text
18 .\" Set up some character translations and predefined strings. \*(-- will
19 .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
20 .\" double quote, and \*(R" will give a right double quote. \*(C+ will
21 .\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22 .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23 .\" nothing in troff, for use with C<>.
25 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
29 . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
45 .\" Escape single quotes in literal strings from groff's Unicode transform.
49 .\" If the F register is >0, we'll generate index entries on stderr for
50 .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
51 .\" entries marked with X<> in POD. Of course, you'll have to process the
52 .\" output yourself in some meaningful fashion.
54 .\" Avoid warning from groff about undefined register 'F'.
58 .if \n(.g .if rF .nr rF 1
59 .if (\n(rF:(\n(.g==0)) \{\
62 . tm Index:\\$1\t\\n%\t"\\$2"
72 .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
73 .\" Fear. Run. Save yourself. No user-serviceable parts.
74 . \" fudge factors for nroff and troff
83 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
89 . \" simple accents for nroff and troff
99 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
100 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
101 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
102 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
103 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
104 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
106 . \" troff and (daisy-wheel) nroff accents
107 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
108 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
109 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
110 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
111 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
112 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
113 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
114 .ds ae a\h'-(\w'a'u*4/10)'e
115 .ds Ae A\h'-(\w'A'u*4/10)'E
116 . \" corrections for vroff
117 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
118 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
119 . \" for low resolution devices (crt and lpr)
120 .if \n(.H>23 .if \n(.V>19 \
133 .\" ========================================================================
136 .TH TSGET 1 "2020-12-08" "1.1.1i" "OpenSSL"
137 .\" For nroff, turn off justification. Always turn off hyphenation; it makes
138 .\" way too many mistakes in technical documents.
142 openssl\-tsget, tsget \- Time Stamping HTTP/HTTPS client
144 .IX Header "SYNOPSIS"
146 \&\fB\-h\fR server_url
147 [\fB\-e\fR extension]
151 [\fB\-k\fR private_key.pem]
152 [\fB\-p\fR key_password]
153 [\fB\-c\fR client_cert.pem]
154 [\fB\-C\fR CA_certs.pem]
156 [\fB\-r\fR file:file...]
157 [\fB\-g\fR EGD_socket]
160 .IX Header "DESCRIPTION"
161 The \fBtsget\fR command can be used for sending a timestamp request, as
162 specified in \fB\s-1RFC 3161\s0\fR, to a timestamp server over \s-1HTTP\s0 or \s-1HTTPS\s0 and storing
163 the timestamp response in a file. This tool cannot be used for creating the
164 requests and verifying responses, you can use the OpenSSL \fB\fBts\fB\|(1)\fR command to
165 do that. \fBtsget\fR can send several requests to the server without closing
166 the \s-1TCP\s0 connection if more than one requests are specified on the command
169 The tool sends the following \s-1HTTP\s0 request for each timestamp request:
173 \& User\-Agent: OpenTSA tsget.pl/<version>
174 \& Host: <host>:<port>
176 \& Content\-Type: application/timestamp\-query
177 \& Accept: application/timestamp\-reply
178 \& Content\-Length: length of body
180 \& ...binary request specified by the user...
183 \&\fBtsget\fR expects a response of type application/timestamp\-reply, which is
184 written to a file without any interpretation.
187 .IP "\fB\-h\fR server_url" 4
188 .IX Item "-h server_url"
189 The \s-1URL\s0 of the \s-1HTTP/HTTPS\s0 server listening for timestamp requests.
190 .IP "\fB\-e\fR extension" 4
191 .IX Item "-e extension"
192 If the \fB\-o\fR option is not given this argument specifies the extension of the
193 output files. The base name of the output file will be the same as those of
194 the input files. Default extension is '.tsr'. (Optional)
195 .IP "\fB\-o\fR output" 4
197 This option can be specified only when just one request is sent to the
198 server. The timestamp response will be written to the given output file. '\-'
199 means standard output. In case of multiple timestamp requests or the absence
200 of this argument the names of the output files will be derived from the names
201 of the input files and the default or specified extension argument. (Optional)
204 The name of the currently processed request is printed on standard
208 Switches on verbose mode for the underlying \fBcurl\fR library. You can see
209 detailed debug messages for the connection. (Optional)
210 .IP "\fB\-k\fR private_key.pem" 4
211 .IX Item "-k private_key.pem"
212 (\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0
213 <private_key.pem> must contain the private key of the user. The private key
214 file can optionally be protected by a passphrase. The \fB\-c\fR option must also
215 be specified. (Optional)
216 .IP "\fB\-p\fR key_password" 4
217 .IX Item "-p key_password"
218 (\s-1HTTPS\s0) Specifies the passphrase for the private key specified by the \fB\-k\fR
219 argument. If this option is omitted and the key is passphrase protected \fBtsget\fR
220 will ask for it. (Optional)
221 .IP "\fB\-c\fR client_cert.pem" 4
222 .IX Item "-c client_cert.pem"
223 (\s-1HTTPS\s0) In case of certificate-based client authentication over \s-1HTTPS\s0
224 <client_cert.pem> must contain the X.509 certificate of the user. The \fB\-k\fR
225 option must also be specified. If this option is not specified no
226 certificate-based client authentication will take place. (Optional)
227 .IP "\fB\-C\fR CA_certs.pem" 4
228 .IX Item "-C CA_certs.pem"
229 (\s-1HTTPS\s0) The trusted \s-1CA\s0 certificate store. The certificate chain of the peer's
230 certificate must include one of the \s-1CA\s0 certificates specified in this file.
231 Either option \fB\-C\fR or option \fB\-P\fR must be given in case of \s-1HTTPS.\s0 (Optional)
232 .IP "\fB\-P\fR CA_path" 4
233 .IX Item "-P CA_path"
234 (\s-1HTTPS\s0) The path containing the trusted \s-1CA\s0 certificates to verify the peer's
235 certificate. The directory must be prepared with the \fBc_rehash\fR
236 OpenSSL utility. Either option \fB\-C\fR or option \fB\-P\fR must be given in case of
237 \&\s-1HTTPS.\s0 (Optional)
238 .IP "\fB\-rand\fR file:file..." 4
239 .IX Item "-rand file:file..."
240 The files containing random data for seeding the random number
241 generator. Multiple files can be specified, the separator is \fB;\fR for
242 MS-Windows, \fB,\fR for \s-1VMS\s0 and \fB:\fR for all other platforms. (Optional)
243 .IP "\fB\-g\fR EGD_socket" 4
244 .IX Item "-g EGD_socket"
245 The name of an \s-1EGD\s0 socket to get random data from. (Optional)
247 .IX Item "[request]..."
248 List of files containing \fB\s-1RFC 3161\s0\fR DER-encoded timestamp requests. If no
249 requests are specified only one request will be sent to the server and it will be
250 read from the standard input. (Optional)
251 .SH "ENVIRONMENT VARIABLES"
252 .IX Header "ENVIRONMENT VARIABLES"
253 The \fB\s-1TSGET\s0\fR environment variable can optionally contain default
254 arguments. The content of this variable is added to the list of command line
257 .IX Header "EXAMPLES"
258 The examples below presume that \fBfile1.tsq\fR and \fBfile2.tsq\fR contain valid
259 timestamp requests, tsa.opentsa.org listens at port 8080 for \s-1HTTP\s0 requests
260 and at port 8443 for \s-1HTTPS\s0 requests, the \s-1TSA\s0 service is available at the /tsa
263 Get a timestamp response for file1.tsq over \s-1HTTP,\s0 output is written to
267 \& tsget \-h http://tsa.opentsa.org:8080/tsa file1.tsq
270 Get a timestamp response for file1.tsq and file2.tsq over \s-1HTTP\s0 showing
271 progress, output is written to file1.reply and file2.reply respectively:
274 \& tsget \-h http://tsa.opentsa.org:8080/tsa \-v \-e .reply \e
275 \& file1.tsq file2.tsq
278 Create a timestamp request, write it to file3.tsq, send it to the server and
279 write the response to file3.tsr:
282 \& openssl ts \-query \-data file3.txt \-cert | tee file3.tsq \e
283 \& | tsget \-h http://tsa.opentsa.org:8080/tsa \e
287 Get a timestamp response for file1.tsq over \s-1HTTPS\s0 without client
291 \& tsget \-h https://tsa.opentsa.org:8443/tsa \e
292 \& \-C cacerts.pem file1.tsq
295 Get a timestamp response for file1.tsq over \s-1HTTPS\s0 with certificate-based
296 client authentication (it will ask for the passphrase if client_key.pem is
300 \& tsget \-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e
301 \& \-k client_key.pem \-c client_cert.pem file1.tsq
304 You can shorten the previous command line if you make use of the \fB\s-1TSGET\s0\fR
305 environment variable. The following commands do the same as the previous
309 \& TSGET=\*(Aq\-h https://tsa.opentsa.org:8443/tsa \-C cacerts.pem \e
310 \& \-k client_key.pem \-c client_cert.pem\*(Aq
315 .IX Header "SEE ALSO"
316 \&\fBopenssl\fR\|(1), \fBts\fR\|(1), \fBcurl\fR\|(1),
317 \&\fB\s-1RFC 3161\s0\fR
319 .IX Header "COPYRIGHT"
320 Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
322 Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
323 this file except in compliance with the License. You can obtain a copy
324 in the file \s-1LICENSE\s0 in the source distribution or at
325 <https://www.openssl.org/source/license.html>.